Lucene search
K

43 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7292

Malware in sbrugna...

2.1CVSS6.3AI score0.00539EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-25500

Malware in sbrugna...

9.1CVSS7AI score0.00659EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5838

Malicious code in bioql PyPI...

3.1CVSS3.8AI score0.01302EPSS
Exploits0References11
NVD
NVD
added 2025/08/22 4:15 p.m.6 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

8.1CVSS0.00202EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-47908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH heade...

7.5CVSS6.8AI score0.00533EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/08/06 8:41 p.m.6 views

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers ACRH header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt...

7.5CVSS7AI score0.00533EPSS
Exploits0
Veracode
Veracode
added 2025/06/05 3:18 p.m.8 views

Sensitive Information Disclosure

@auth0/nextjs-auth0 is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing cache control headers due to session cookies being cached by CDNs, potentially exposing sensitive session information to unauthorized users...

7.7CVSS5.9AI score0.00364EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/06/04 8:14 p.m.68 views

CVE-2025-48947

The CVE describes a vulnerability in the Auth0 Next.js SDK (auth0/nextjs-auth0) affecting versions 4.0.1–4.6.0 where __session cookies set by auth0.middleware can be cached by CDNs due to missing Cache-Control headers. Preconditions require: (1) use of the NextJS-Auth0 SDK, (2) CDN/edge caching o...

7.7CVSS6.6AI score0.00364EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 11:15 p.m.21 views

CVE-2025-32421

Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve pageProps data instead of standard HTML. Thi...

3.7CVSS0.00666EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/01/11 12:0 a.m.37 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:0058-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0058-1 advisory. Update to Tomcat 9.0.98 - Fixed CVEs: - CVE-2024-54677: DoS in examples web application bsc1234664 - CVE-2024-50379:...

9.8CVSS7.8AI score0.43663EPSS
Exploits14References13
RustSec
RustSec
added 2024/01/23 12:0 p.m.6 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...

8.1CVSS7.3AI score0.00632EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.3 views

GHSA-VM9C-39JX-Q45W Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...

6.9CVSS6.3AI score0.01538EPSS
Exploits1References6
Hacker One
Hacker One
added 2021/12/11 8:52 p.m.30 views

Glassdoor: Web Cache Poisoning leads to Stored XSS

@bombon reported to us a web cache poisoning issue that led to caching of gdTokenAnti-CSRF token across different Glassdoor pages and in some instances could be chained to perform XSS by caching the XSS payload. This has now been resolved using CF web cache armor and cache-control headers...

6.2AI score
Exploits0
Huntr
Huntr
added 2021/10/08 4:12 p.m.8 views

in publify/publify

Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...

Exploits0References1
Huntr
Huntr
added 2021/10/08 2:23 a.m.10 views

in bookstackapp/bookstack

Description Bookstack does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: View a shelf 3: Logout 4: Press the back button of the opened tab to still see that you can view the information about books previous page of your shelf. Impact This issue is capable of...

1.1AI score
Exploits0References1
OSV
OSV
added 2020/08/06 5:15 p.m.3 views

CVE-2020-7460

In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...

7CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2020/06/24 11:15 p.m.3 views

UBUNTU-CVE-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

3.1CVSS5.8AI score0.01302EPSS
Exploits0References7
CVE
CVE
added 2017/03/13 6:14 a.m.55 views

CVE-2017-6080

CVE-2017-6080 affects Zammad versions prior to 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Root cause: missing protection via HTTP Access-Control headers. Attack surface: cross-domain requests to the REST API for users with a valid session cookie, enabling disclosure of results. Impact ran...

9.8CVSS9.3AI score0.00727EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2015/10/14 7:59 p.m.17 views

Design/Logic Flaw

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

2.1CVSS6.2AI score0.00539EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2015/10/14 7:0 p.m.24 views

CVE-2015-7368

Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache...

5.7AI score0.00539EPSS
Exploits1References5
Rows per page
Query Builder